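{-# INCLUDE "HsOpenSSL.h" #-}
{-# LINE 1 "OpenSSL/X509/Revocation.hsc" #-}
{- -*- haskell -*- -}
{-# LINE 2 "OpenSSL/X509/Revocation.hsc" #-}

-- #prune

-- |An interface to Certificate Revocation List.
--
-- This file is hsc2hs output (the @LINE@ pragmas point back at
-- @OpenSSL\/X509\/Revocation.hsc@), so the C struct offsets used in
-- 'getRevokedList' were fixed when the file was generated.

{-# LINE 8 "OpenSSL/X509/Revocation.hsc" #-}

module OpenSSL.X509.Revocation
    ( -- * Types
      CRL
    , X509_CRL -- private
    , RevokedCertificate(..)

      -- * Functions to manipulate revocation list
    , newCRL
    , wrapCRL -- private
    , withCRLPtr -- private

    , signCRL
    , verifyCRL

    , printCRL

    , sortCRL

      -- * Accessors
    , getVersion
    , setVersion

    , getLastUpdate
    , setLastUpdate

    , getNextUpdate
    , setNextUpdate

    , getIssuerName
    , setIssuerName

    , getRevokedList
    , addRevoked
    )
    where

import Control.Monad
import Data.Time.Clock
import Data.Typeable
import Foreign
import Foreign.C
import OpenSSL.ASN1
import OpenSSL.BIO
import OpenSSL.EVP.Digest hiding (digest)
import OpenSSL.EVP.PKey
import OpenSSL.EVP.Verify
import OpenSSL.Stack
import OpenSSL.Utils
import OpenSSL.X509.Name

-- |@'CRL'@ is an opaque object that represents Certificate Revocation
-- List. It wraps a foreign pointer whose finalizer is @X509_CRL_free@
-- (see 'wrapCRL').
newtype CRL = CRL (ForeignPtr X509_CRL)

-- Phantom tags for the C structures; they have no Haskell-side values.
data X509_CRL
data X509_REVOKED

-- |@'RevokedCertificate'@ represents a revoked certificate in a
-- list. Each certificate is supposed to be distinguishable by
-- issuer name and serial number, so it is sufficient to have only
-- the serial number on each entry.
data RevokedCertificate
    = RevokedCertificate
      { revSerialNumber   :: Integer
      , revRevocationDate :: UTCTime
      }
    deriving (Show, Eq, Typeable)

-- Raw bindings.
--
-- Every OpenSSL function below that returns a C @int@ is imported at
-- 'CInt'. Importing such a result at Haskell 'Int' is a type mismatch
-- wherever 'Int' is wider than C @int@, and these results are the
-- success/failure codes that every wrapper in this module branches on.
-- The wrappers compare the code against literals only, so they work
-- unchanged at 'CInt'.
-- NOTE(review): assumes 'failIf' from "OpenSSL.Utils" is polymorphic in
-- the value it checks -- confirm.

foreign import ccall unsafe "X509_CRL_new"
        _new :: IO (Ptr X509_CRL)

foreign import ccall unsafe "&X509_CRL_free"
        _free :: FunPtr (Ptr X509_CRL -> IO ())

foreign import ccall unsafe "X509_CRL_sign"
        _sign :: Ptr X509_CRL -> Ptr EVP_PKEY -> Ptr EVP_MD -> IO CInt

foreign import ccall unsafe "X509_CRL_verify"
        _verify :: Ptr X509_CRL -> Ptr EVP_PKEY -> IO CInt

foreign import ccall unsafe "X509_CRL_print"
        _print :: Ptr BIO_ -> Ptr X509_CRL -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_version"
        _get_version :: Ptr X509_CRL -> IO CLong

foreign import ccall unsafe "X509_CRL_set_version"
        _set_version :: Ptr X509_CRL -> CLong -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_lastUpdate"
        _get_lastUpdate :: Ptr X509_CRL -> IO (Ptr ASN1_TIME)

foreign import ccall unsafe "X509_CRL_set_lastUpdate"
        _set_lastUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_nextUpdate"
        _get_nextUpdate :: Ptr X509_CRL -> IO (Ptr ASN1_TIME)

foreign import ccall unsafe "X509_CRL_set_nextUpdate"
        _set_nextUpdate :: Ptr X509_CRL -> Ptr ASN1_TIME -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_issuer"
        _get_issuer_name :: Ptr X509_CRL -> IO (Ptr X509_NAME)

foreign import ccall unsafe "X509_CRL_set_issuer_name"
        _set_issuer_name :: Ptr X509_CRL -> Ptr X509_NAME -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_CRL_get_REVOKED"
        _get_REVOKED :: Ptr X509_CRL -> IO (Ptr STACK)

foreign import ccall unsafe "X509_CRL_add0_revoked"
        _add0_revoked :: Ptr X509_CRL -> Ptr X509_REVOKED -> IO CInt

foreign import ccall unsafe "X509_CRL_sort"
        _sort :: Ptr X509_CRL -> IO CInt

foreign import ccall unsafe "X509_REVOKED_new"
        _new_revoked :: IO (Ptr X509_REVOKED)

foreign import ccall unsafe "X509_REVOKED_free"
        freeRevoked :: Ptr X509_REVOKED -> IO ()

foreign import ccall unsafe "X509_REVOKED_set_serialNumber"
        _set_serialNumber :: Ptr X509_REVOKED -> Ptr ASN1_INTEGER -> IO CInt

foreign import ccall unsafe "X509_REVOKED_set_revocationDate"
        _set_revocationDate :: Ptr X509_REVOKED -> Ptr ASN1_TIME -> IO CInt

-- |@'newCRL'@ creates an empty revocation list. You must set the
-- following properties and then sign the list (see 'signCRL') to
-- actually use it. If you have any certificates to be listed, you
-- must of course add them (see 'addRevoked') before signing the list.
--
-- [/Version/] See 'setVersion'.
--
-- [/Last Update/] See 'setLastUpdate'.
--
-- [/Next Update/] See 'setNextUpdate'.
--
-- [/Issuer Name/] See 'setIssuerName'.
--
-- Raises an OpenSSL error if the allocation returns a null pointer.
newCRL :: IO CRL
newCRL = do
    crlPtr <- _new
    -- A failed allocation must not be wrapped: every accessor would
    -- then hand a null pointer to OpenSSL.
    when (crlPtr == nullPtr) raiseOpenSSLError
    wrapCRL crlPtr

-- Wrap a raw pointer and attach @X509_CRL_free@ as its finalizer, so
-- the caller must not free the pointer itself afterwards.
wrapCRL :: Ptr X509_CRL -> IO CRL
wrapCRL crlPtr = fmap CRL (newForeignPtr _free crlPtr)

-- Run an action on the raw pointer; 'withForeignPtr' keeps the object
-- alive for the duration of the action.
withCRLPtr :: CRL -> (Ptr X509_CRL -> IO a) -> IO a
withCRLPtr (CRL crl) = withForeignPtr crl

-- |@'signCRL'@ signs a revocation list with an issuer private key.
--
-- With @Nothing@ the digest comes from 'pkeyDefaultMD'; which
-- algorithm that selects is not decided in this module, so callers
-- with a policy on hash strength should pass the digest explicitly.
signCRL :: CRL          -- ^ The revocation list to be signed.
        -> PKey         -- ^ The private key to sign with.
        -> Maybe Digest -- ^ A hashing algorithm to use. If @Nothing@
                        --   the most suitable algorithm for the key
                        --   is automatically used.
        -> IO ()
signCRL crl pkey mDigest =
    withCRLPtr crl $ \crlPtr ->
    withPKeyPtr pkey $ \pkeyPtr -> do
        md <- maybe (pkeyDefaultMD pkey) return mDigest
        -- A result of 0 is treated as failure.
        _ <- withMDPtr md $ \digestPtr ->
                 _sign crlPtr pkeyPtr digestPtr >>= failIf (== 0)
        return ()

-- |@'verifyCRL'@ verifies a signature of revocation list with an
-- issuer public key.
--
-- Only the signature is checked. Nothing here compares the last/next
-- update times with the current time or matches the issuer name, so a
-- caller that relies on the list must check those itself (see
-- 'getNextUpdate' and 'getIssuerName').
verifyCRL :: CRL -> PKey -> IO VerifyStatus
verifyCRL crl pkey =
    withCRLPtr crl $ \crlPtr ->
    withPKeyPtr pkey $ \pkeyPtr ->
        _verify crlPtr pkeyPtr >>= interpret
  where
    -- 1 and 0 are the only verdicts; any other code is reported as an
    -- OpenSSL error instead of being folded into 'VerifyFailure'.
    interpret :: CInt -> IO VerifyStatus
    interpret 1 = return VerifySuccess
    interpret 0 = return VerifyFailure
    interpret _ = raiseOpenSSLError

-- |@'printCRL'@ translates a revocation list into human-readable
-- format.
printCRL :: CRL -> IO String
printCRL crl = do
    mem <- newMem
    _ <- withBioPtr mem $ \memPtr ->
             withCRLPtr crl $ \crlPtr ->
                 _print memPtr crlPtr >>= failIf (/= 1)
    bioRead mem

-- |@'getVersion' crl@ returns the version number of revocation list.
getVersion :: CRL -> IO Int
getVersion crl =
    withCRLPtr crl $ \crlPtr ->
        liftM fromIntegral (_get_version crlPtr)

-- |@'setVersion' crl ver@ updates the version number of revocation
-- list.
setVersion :: CRL -> Int -> IO ()
setVersion crl ver =
    withCRLPtr crl $ \crlPtr ->
        _set_version crlPtr (fromIntegral ver)
            >>= failIf (/= 1)
            >>  return ()

-- |@'getLastUpdate' crl@ returns the time when the revocation list
-- has last been updated.
getLastUpdate :: CRL -> IO UTCTime
getLastUpdate crl =
    withCRLPtr crl $ \crlPtr ->
        _get_lastUpdate crlPtr >>= peekASN1Time

-- |@'setLastUpdate' crl utc@ updates the time when the revocation
-- list has last been updated.
setLastUpdate :: CRL -> UTCTime -> IO ()
setLastUpdate crl utc =
    withCRLPtr crl $ \crlPtr ->
    withASN1Time utc $ \time ->
        _set_lastUpdate crlPtr time
            >>= failIf (/= 1)
            >>  return ()

-- |@'getNextUpdate' crl@ returns the time when the revocation list
-- will next be updated.
getNextUpdate :: CRL -> IO UTCTime
getNextUpdate crl =
    withCRLPtr crl $ \crlPtr ->
        _get_nextUpdate crlPtr >>= peekASN1Time

-- |@'setNextUpdate' crl utc@ updates the time when the revocation
-- list will next be updated.
setNextUpdate :: CRL -> UTCTime -> IO ()
setNextUpdate crl utc =
    withCRLPtr crl $ \crlPtr ->
    withASN1Time utc $ \time ->
        _set_nextUpdate crlPtr time
            >>= failIf (/= 1)
            >>  return ()

-- |@'getIssuerName' crl wantLongName@ returns the issuer name of
-- revocation list. See 'OpenSSL.X509.getIssuerName' of
-- "OpenSSL.X509".
getIssuerName :: CRL -> Bool -> IO [(String, String)]
getIssuerName crl wantLongName =
    withCRLPtr crl $ \crlPtr ->
        _get_issuer_name crlPtr >>= \namePtr ->
            peekX509Name namePtr wantLongName

-- |@'setIssuerName' crl name@ updates the issuer name of revocation
-- list. See 'OpenSSL.X509.setIssuerName' of "OpenSSL.X509".
setIssuerName :: CRL -> [(String, String)] -> IO ()
setIssuerName crl issuer =
    withCRLPtr crl $ \crlPtr ->
    withX509Name issuer $ \namePtr ->
        _set_issuer_name crlPtr namePtr
            >>= failIf (/= 1)
            >>  return ()

-- |@'getRevokedList' crl@ returns the list of revoked certificates.
getRevokedList :: CRL -> IO [RevokedCertificate]
getRevokedList crl =
    withCRLPtr crl $ \crlPtr ->
        _get_REVOKED crlPtr >>= mapStack peekRevoked
  where
    -- NOTE(review): the byte offsets 0 and 4 below were computed by
    -- hsc2hs when this file was generated. They look like a struct
    -- layout with 4-byte pointers -- confirm, and regenerate from the
    -- .hsc rather than reuse this output for another ABI or OpenSSL
    -- build, where they would read the wrong memory.
    peekRevoked :: Ptr X509_REVOKED -> IO RevokedCertificate
    peekRevoked rev
        = do serial <- peekASN1Integer =<< ((\hsc_ptr -> peekByteOff hsc_ptr 0)) rev
{-# LINE 286 "OpenSSL/X509/Revocation.hsc" #-}
             date   <- peekASN1Time    =<< ((\hsc_ptr -> peekByteOff hsc_ptr 4)) rev
{-# LINE 287 "OpenSSL/X509/Revocation.hsc" #-}
             return RevokedCertificate
                        { revSerialNumber   = serial
                        , revRevocationDate = date
                        }

-- Allocate an X509_REVOKED and fill in its serial number and
-- revocation date. On success the caller owns the returned pointer;
-- if the allocation or either setter fails, an OpenSSL error is raised
-- and nothing is returned.
-- NOTE(review): if 'withASN1Integer' or 'withASN1Time' throws instead
-- of returning, revPtr is not freed -- confirm whether they can.
newRevoked :: RevokedCertificate -> IO (Ptr X509_REVOKED)
newRevoked revoked = do
    revPtr <- _new_revoked
    -- Do not pass a failed allocation on to the setters.
    when (revPtr == nullPtr) raiseOpenSSLError
    seriRet <- withASN1Integer (revSerialNumber revoked) $ \serialPtr ->
                   _set_serialNumber revPtr serialPtr
    dateRet <- withASN1Time (revRevocationDate revoked) $ \datePtr ->
                   _set_revocationDate revPtr datePtr
    if seriRet /= 1 || dateRet /= 1
        then freeRevoked revPtr >> raiseOpenSSLError
        else return revPtr

-- |@'addRevoked' crl revoked@ adds the certificate to the revocation
-- list.
addRevoked :: CRL -> RevokedCertificate -> IO ()
addRevoked crl revoked =
    withCRLPtr crl $ \crlPtr -> do
        revPtr <- newRevoked revoked
        ret    <- _add0_revoked crlPtr revPtr
        case ret of
          -- Not freed on success; presumably the list now owns the
          -- entry (the "add0" naming) -- confirm.
          1 -> return ()
          _ -> freeRevoked revPtr >> raiseOpenSSLError

-- |@'sortCRL' crl@ sorts the certificates in the revocation list.
sortCRL :: CRL -> IO ()
sortCRL crl =
    withCRLPtr crl $ \crlPtr ->
        _sort crlPtr >>= failIf (/= 1) >> return ()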